有谁知道如何抑制 ESAPI 库输出的以下嘈杂消息?
System property [org.owasp.esapi.opsteam] is not setAttempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
System property [org.owasp.esapi.devteam] is not set
Not found in 'org.owasp.esapi.resources' directory or file not readable: C:\Users\ktamura\Desktop\embtest-master\ESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
Not found in 'user.home' (C:\Users\ktamura) directory: C:\Users\ktamura\esapi\ESAPI.properties
Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
Attempting to load ESAPI.properties via the classpath.
SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)' using current thread context class loader!
SecurityConfiguration for Validator.ConfigurationFile.MultiValued not found in ESAPI.properties. Using default: false
Attempting to load validation.properties via file I/O.
Attempting to load validation.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: C:\Users\ktamura\Desktop\embtest-master\validation.properties
Not found in SystemResource Directory/resourceDirectory: .esapi\validation.properties
Not found in 'user.home' (C:\Users\ktamura) directory: C:\Users\ktamura\esapi\validation.properties
Loading validation.properties via file I/O failed.
Attempting to load validation.properties via the classpath.
validation.properties could not be loaded by any means. fail. Exception was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.
我将库添加到我的 Web 应用程序(包括嵌入式 Tomcat)并且 ESAPI 验证有效但输出了嘈杂的消息。
Java代码:
writer.write(ESAPI.encoder().encodeForHTML("<test>"));
ESAPI的依赖:
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.1.0.1</version>
</dependency>
ESAPI.properties:
https://github.com/k-tamura/embtest/blob/master/src/main/resources/ESAPI.properties
重现步骤:
(1) 运行命令:
$ git clone https://github.com/k-tamura/embtest.git
$ cd embtest
$ mvn clean install
(2) 访问http://localhost:8080/ping -> 以上日志显示在控制台上。
环境(我的本地机器):
$ mvn -version
Apache Maven 3.2.2 (45f7c06d68e745d05611f7fd14efb6594181933e; 2014-06-17T22:51:42+09:00)
Maven home: c:\apache-maven-3.2.2
Java version: 1.8.0_121, vendor: Oracle Corporation
Java home: c:\Program Files\Java\jdk1.8.0_121\jre
Default locale: ja_JP, platform encoding: MS932
OS name: "windows 7", version: "6.1", arch: "amd64", family: "dos"
最佳答案
我可以引用@avgvstvs 的回答来解决这个问题,添加InitializationListener:
import java.io.OutputStream;
import java.io.PrintStream;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.annotation.WebListener;
import org.owasp.esapi.ESAPI;
@WebListener
public class InitializationListener implements ServletContextListener {
public void contextInitialized(ServletContextEvent event) {
/* Suppress noisy messages output by the ESAPI library. */
PrintStream original = System.out;
try (PrintStream out = new PrintStream(new OutputStream() {
@Override
public void write(int b) {
// Do nothing
}
})) {
System.setOut(out);
System.setErr(out);
ESAPI.encoder();
} catch (Exception e) {
// Do nothing
} finally {
System.setOut(original);
}
}
@Override
public void contextDestroyed(ServletContextEvent sce) {
// Do nothing
}
}
关于java - 如何抑制 ESAPI 库输出的消息,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45857064/